OCSP
E792087
OCSP (Online Certificate Status Protocol) is an internet protocol used to obtain the real-time revocation status of digital certificates in public key infrastructures.
All labels observed (1)
| Label | Occurrences |
|---|---|
| OCSP canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T9312230 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: OCSP Context triple: [OpenSSL, implementsStandard, OCSP]
-
A.
X.509 certificates
X.509 certificates are digital documents that bind a public key to an entity’s identity using a trusted certificate authority, forming the basis of public key infrastructure for secure communications.
-
B.
Certificate Enrollment Web Service
Certificate Enrollment Web Service is a Windows server role service that enables certificate enrollment and renewal over HTTPS, typically used with Active Directory Certificate Services to support remote and policy-based certificate requests.
-
C.
DST Root CA X3
DST Root CA X3 is a widely trusted root certificate authority operated by IdenTrust that historically provided the cross-signed trust anchor enabling broad browser compatibility for Let’s Encrypt certificates.
-
D.
PKI
PKI is the abbreviation for Partai Komunis Indonesia, the former communist party of Indonesia that played a major role in the country’s mid-20th-century political history.
-
E.
Certificate Enrollment Policy Web Service
Certificate Enrollment Policy Web Service is a Windows server role service that provides policy information over HTTPS to clients requesting digital certificates in an Active Directory Certificate Services environment.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: OCSP Target entity description: OCSP (Online Certificate Status Protocol) is an internet protocol used to obtain the real-time revocation status of digital certificates in public key infrastructures.
-
A.
X.509 certificates
X.509 certificates are digital documents that bind a public key to an entity’s identity using a trusted certificate authority, forming the basis of public key infrastructure for secure communications.
-
B.
Certificate Enrollment Web Service
Certificate Enrollment Web Service is a Windows server role service that enables certificate enrollment and renewal over HTTPS, typically used with Active Directory Certificate Services to support remote and policy-based certificate requests.
-
C.
DST Root CA X3
DST Root CA X3 is a widely trusted root certificate authority operated by IdenTrust that historically provided the cross-signed trust anchor enabling broad browser compatibility for Let’s Encrypt certificates.
-
D.
PKI
PKI is the abbreviation for Partai Komunis Indonesia, the former communist party of Indonesia that played a major role in the country’s mid-20th-century political history.
-
E.
Certificate Enrollment Policy Web Service
Certificate Enrollment Policy Web Service is a Windows server role service that provides policy information over HTTPS to clients requesting digital certificates in an Active Directory Certificate Services environment.
- F. None of above. chosen
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf |
PKI protocol
ⓘ
internet protocol ⓘ |
| abbreviationFor | Online Certificate Status Protocol NERFINISHED ⓘ |
| addressesProblem |
bandwidth overhead of CRLs
ⓘ
latency of CRL distribution ⓘ |
| alternativeTo | certificate revocation lists ⓘ |
| canBe | mandatory in some security policies ⓘ |
| category | certificate status protocol ⓘ |
| checksStatusOf | X.509 digital certificate ⓘ |
| clientTypicallyIs |
TLS client
ⓘ
web browser ⓘ |
| definedFor | X.509 PKI NERFINISHED ⓘ |
| definedInRFC | RFC 6960 NERFINISHED ⓘ |
| fullName | Online Certificate Status Protocol NERFINISHED ⓘ |
| hasVariant |
OCSP stapling
ⓘ
TLS Certificate Status Request extension NERFINISHED ⓘ |
| improves | timeliness of revocation information ⓘ |
| mayLeak | client browsing behavior if queried directly ⓘ |
| obsoletes | RFC 2560 NERFINISHED ⓘ |
| operatesBetween | OCSP client and OCSP responder ⓘ |
| purpose | obtain real-time revocation status of digital certificates ⓘ |
| relatedStandard | RFC 5019 NERFINISHED ⓘ |
| reliesOn | trust in OCSP responder certificate ⓘ |
| replaces | CRL polling in some deployments ⓘ |
| requestFormat | ASN.1 ⓘ |
| responderTypicallyIs | certificate authority service ⓘ |
| responseFormat | ASN.1 NERFINISHED ⓘ |
| responseSignedBy |
OCSP responder
ⓘ
certificate authority ⓘ |
| RFC 5019Defines | lightweight OCSP profile ⓘ |
| roleInSecurity | certificate revocation checking ⓘ |
| specifiedIn | PKIX standards ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| supportsExtension |
CRL references
ⓘ
archive cutoff ⓘ nonce ⓘ service locator ⓘ |
| supportsStatus |
good
ⓘ
revoked ⓘ unknown ⓘ |
| transportsOver |
HTTP
NERFINISHED
ⓘ
HTTPS ⓘ |
| usedIn |
HTTPS
NERFINISHED
ⓘ
TLS NERFINISHED ⓘ X.509 certificate validation ⓘ public key infrastructure ⓘ |
| usesCryptography | public key cryptography ⓘ |
| usesModel | request-response ⓘ |
| usesSignatureAlgorithm | digital signatures ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: OCSP Description of subject: OCSP (Online Certificate Status Protocol) is an internet protocol used to obtain the real-time revocation status of digital certificates in public key infrastructures.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.